CVE-2025-34045
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-11-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| weiphp | weiphp | 5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34045 is a path traversal vulnerability in WeiPHP 5.0 that allows unauthenticated remote attackers to read arbitrary files on the server. This happens because the picUrl parameter in the /public/index.php/material/Material/_download_imgage endpoint does not properly validate input, enabling attackers to craft requests that traverse directories and access sensitive files such as configuration files and source code. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive information stored on the server, including configuration files and source code. Such exposure can compromise the security of the affected system, potentially allowing further attacks or data breaches. Since it is remotely exploitable without authentication and has a high impact on confidentiality, it poses a significant security risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring for suspicious POST requests to the /public/index.php/material/Material/_download_imgage endpoint containing path traversal patterns in the picUrl parameter, such as '../' sequences. Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on such patterns. For manual testing, you can use curl commands to send crafted POST requests to the vulnerable endpoint and observe responses. Example command: curl -X POST -d "picUrl=../../../../etc/passwd" http://<target>/public/index.php/material/Material/_download_imgage [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint, applying input validation and sanitization on the picUrl parameter to prevent directory traversal sequences, and updating WeiPHP to a patched version if available. Additionally, deploying web application firewalls (WAFs) to block malicious requests exploiting path traversal can help reduce risk until a full patch is applied. [1]